opkforall.blogg.se - Teamviewer unattended access how to make stealth

These direct-desktop-control protocols are open to attack when exposed publicly. It was Team Viewer in this case – for another organization it could have been RDP or VNC.

Unterminated direct-access protocols exposed on the internet.

The attacker did not have to prove they were an authorized user, knowledge of the one machine-level password was sufficient to execute the attack.

Reliance on the machine-level password, with no requirement for user-level authentication.

A Windows machine with a weak machine-level password.

The exploitation of a single point-of-entry.

In other words, the Oldsmar setup reflected at least four security vulnerabilities: In this instance, once hackers gained access through a single point of entry, namely the Windows 7 machine, they tapped into the treatment center’s operational equipment – all remotely. Investigators believe that hackers may have tapped into the system by exploiting weak password protection and likely used TeamViewer – a desktop sharing software – to gain unauthorized system access. The cause of the compromise has been traced back to the treatment plant’s use of Windows 7 – an operating system no longer supported by Microsoft. If an operator had not noticed the inconsistency and quickly reversed it, we would have had a major safety event. In early February, attackers took control over one of Oldsmar’s water treatment plant systems, increasing the amount of sodium hydroxide (aka lye) by 11 times. These system breaches can have widespread reach leading to catastrophic repercussions, and in Oldsmar’s case, they could have even been fatal. With the growing convergence of IT and OT, connected operations have become vulnerable to the same threats as their IT counterparts – with remote access creating a bridge for hackers to make their way into OT environments. As a result, we’ve witnessed a number of attacks on industrial operations, including most recently the attack on the water treatment facility in Oldsmar, Fla. Unfortunately, hasty digital transformations left behind a patchwork of remote access capabilities vulnerable to exploit, particularly in operational technology (OT) environments.

Today’s columnist, Duncan Greatwood of Xage, offers insights into how organizations can adopt a Zero Trust approach to protect against similar attacks.Īt the onset of the pandemic, organizations rushed to deploy remote access to prevent costly interruptions and adapt their workforces to COVID-19. The attack on the Oldsmar, Fla., water treatment plant earlier this year raised the profile of operational technology events and attacks on critical infrastructure.